Member Alert: Phishing Scam Spreading Via Google Docs
A widespread phishing scam involving Google Docs seems to be making its way across the internet with users documenting spam messages coming from a fake email address.
The phishing email reportedly arrives in your inbox and says that someone you know has shared a Google Doc with you. There is a button promoting victims to open the document. If the recipient clicks on it, they are redirected to a non-Google address, and then everyone in their Google address book gets the same phishing email, only with the victim of the scam as the sender.
It's not yet clear what the aim of the phishing scam is, but it’s important to get the word out. And, if you get a suspicious email, don't click on the "Open in Docs" button. If you do, change your Gmail password immediately, and set up two-factor authentication if you haven't done so already.
"This big phishing attack is clever; an 0AUTH based attack. Tricks you into giving “permission” to read your emails," tweeted Matt Tait, a British security expert.
0AUTH is a widely used credentialing standard that keeps you logged into accounts for a long period of time, and can also be used across accounts. For example, when you log into Gmail on one Chrome tab, then open another tab to open Google Drive, a 0AUTH "token" logs you into the second tab's content automatically.
Likewise, if you keep a browser logged into a Twitter account indefinitely, that's 0AUTH at work. Malicious hackers love stealing 0AUTH tokens because they can be reused until the user completely logs out of an account on all devices.
Never click on links or open suspicious email! The best way to protect your information and security is to stay diligent and help spread the word about current scams.
« Return to "Member Alerts"